[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] qemu: Support for overriding NPROC limit



On 04/05/2011 08:09 AM, Jiri Denemark wrote:
> This patch adds max_processes option to qemu.conf which can be used to
> override system default limit on number of processes that are allowed to
> be running for qemu user.
> ---
>  src/qemu/libvirtd_qemu.aug      |    3 +++
>  src/qemu/qemu.conf              |    7 +++++++
>  src/qemu/qemu_conf.c            |    4 ++++
>  src/qemu/qemu_conf.h            |    2 ++
>  src/qemu/qemu_process.c         |   24 ++++++++++++++++++++++++
>  src/qemu/test_libvirtd_qemu.aug |    4 ++++
>  6 files changed, 44 insertions(+), 0 deletions(-)
> @@ -1821,6 +1842,9 @@ static int qemuProcessHook(void *data)
>  {
>      struct qemuProcessHookData *h = data;
>  
> +    if (qemuProcessLimits(h->driver) < 0)
> +        return -1;

Which UID is in effect at this point?  While setrlimit() adjusts an
inherited value, I'm a bit worried that tracks different limits per uid,
and if the call is made while the real uid is root instead of qemu, then
we might be affecting the wrong limit.  Does this call need to be
delayed until after the virSecurityManagerSetProcessLabel, or after we
are sure that we have changed identities?

But other than that question, the code looks sane, and I appreciate
seeing the augeas modifications, too.

-- 
Eric Blake   eblake redhat com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]